Analysis
max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted
28-08-2024 10:18
Static task
static1
Behavioral task
behavioral1
Sample
c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html
-
Size
186KB
-
MD5
c6a7fa521a0b25222f73b3fb886fada2
-
SHA1
629e4d809deff523dce9348247d95cec05722b74
-
SHA256
41d6b3b8ea94f41013b9ae33ad056841ae5b0740cdd44bbf1ec0c35c269856ba
-
SHA512
86a9968bad81e78105565e93f2bc25e4483e362b1d91f4006cc976ff4aba827814fb9c8f6bdcea6615f44f9cd20c7d104ec68ae3cfd7056f226eee65f62d17cb
-
SSDEEP
3072:CxDNvG8rm/GXmNJUNBVTRQUe+EXvnLIgjWyHb/th2wnngwDdnRzH:EVXmNJkIH
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe
pid | process
364 | msedge.exe
364 | msedge.exe
2204 | msedge.exe
2204 | msedge.exe
4344 | msedge.exe
4344 | msedge.exe
4344 | msedge.exe
4344 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes: msedge.exe
pid | process
2204 | msedge.exe (this row is repeated 7 times, one per IoC)
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
2204 | msedge.exe (this row is repeated 25 times, one per IoC)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
2204 | msedge.exe (this row is repeated 24 times, one per IoC)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 2204 wrote to memory of 2240 | 2204 | msedge.exe | msedge.exe
PID 2204 wrote to memory of 3476 | 2204 | msedge.exe | msedge.exe
PID 2204 wrote to memory of 364 | 2204 | msedge.exe | msedge.exe
PID 2204 wrote to memory of 4188 | 2204 | msedge.exe | msedge.exe
(each row above is repeated once per recorded write; 64 entries in total, the large majority targeting PIDs 3476 and 4188)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204 -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
  PID:2240
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  PID:3476
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:364 -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  PID:4188
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID:2484
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  PID:4136
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  PID:3644
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  PID:4428
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  PID:3400
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  PID:3372
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  PID:3436
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:4344
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3692
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2536
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
152B
MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
23KB
MD5 33a83c16527e4531fbfca2631f653674
SHA1 87a63514c262ba4bffc52d2ceebb3ca14353507a
SHA256 1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4
SHA512 f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3
-
Filesize
23KB
MD5 a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512 b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 336B
MD5 f76a7f4899afe43154787ec294360e23
SHA1 926728e3ae21efead917aacaaaebf2eecaf4d773
SHA256 b243cff0dccc5a63391df64662a35a3f9269c7271113c18e9d843cf5c107f8aa
SHA512 fc6dcb18755d9ddeb325bfaaaeb99ba81369a4796c388a8a82511db8347656785add01c1ec2f3f3de58ad6b29143f809340a8a56e568be2432e9273c6625af94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 312B
MD5 215d003b6dddaa0c7bdec4a3bf8bd395
SHA1 98af44ce726e13e2a1cb9f561aeced4a464eb1e7
SHA256 4fb294cba949241b03811c7e9ce0a27cc722ab8f95cf736a39745c43f2a5a63c
SHA512 09714c25554e4f216ebc5e61d52f24cb7ad7d6d1070aa19cc0d2b79b7fb9505cd33f6a6792c98bdc46e9198cc2ba93978d549fcacd917ecb209f3034e8369ccb
-
Filesize
3KB
MD5 625a6425a842fbbd5d1fcce3f94a9e79
SHA1 6fc4c7af00281fedba9ece1f3a82ba1593342e2c
SHA256 4086d356f6aa5c854523e72c0bf18fb098d0014acbecca9fd98fcdf0cfc5d629
SHA512 0ad401b41d865e31fe2cc3bf32b0042a305254f3ee20c651c9036a713dd556de2b15bdf4bdcd07c22b6ef6268fae97bc75a27a24943b7499bef4192a23bdbdb9
-
Filesize
5KB
MD5 92f9013ca3e5476b1cc6cc2986e675f1
SHA1 5ca58ee88a3a02d99d954b50c5b1dc3bfe807dd9
SHA256 9adaeaca95d2bce6f2dbbf43303f86da7275551b4ca8a3611bf30008988dd4e3
SHA512 5189bb13204fda89c97c9b7d3700f023444986a764118c7542cd821cc1abef3cb12d5fd7229c36578108fe9d43b446c4f689cf5d7c5014bb744abb841bec6de2
-
Filesize
7KB
MD5 e706cc326782ca7732a5828f7f57ad30
SHA1 2e409516034d01fa1a19edb6b1087ef1fe24e359
SHA256 1f1bf9781077cc1215a40f949b749059d343ef5d4ad23575318272e4fdc8c07c
SHA512 9734a4c0dbb215b9562269853d41781474e9bf4bbc2bbb584469b25c70be99deb59563943f2466639814f294f7e6429871c37ff559f8b3f93fdd351cbd5de585
-
Filesize
10KB
MD5 66a1ead3514e010c718318a46d3061fa
SHA1 7c759f0198b43b24771b5860d70c940696977d51
SHA256 fde21cf040900f0d26ec86f79c31bace14a54a3ebd7624bdfdbeae6b2efb672b
SHA512 705dab3ca6833cc09d4b6fb8afb8289fc0fedb504937e40a0db881f7ac6f7ef7156a1ef712cfd28226ff4173d2ae776bba7d5ef1e1599f096a1354900d7c73da
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e